1
00:00:00,060 --> 00:00:02,910
So hang on, before rushing in to start our first Nessus scan.

2
00:00:03,240 --> 00:00:06,030
I'd like to show you how to create our own policies.

3
00:00:06,570 --> 00:00:13,860
Policies allow you to create custom templates defining what actions are performed during a scan. In the

4
00:00:13,860 --> 00:00:15,240
Nessus web interface,

5
00:00:15,240 --> 00:00:18,000
click Policies at the left side. You see that? Good.

6
00:00:18,330 --> 00:00:21,930
Click the Create a new policy link inside the Policies page.

7
00:00:22,200 --> 00:00:26,070
Now here we have a lot of scanners. So, in Advanced Scan,

8
00:00:26,520 --> 00:00:31,530
all the options are chosen by us without any guidance or recommendations.

9
00:00:32,370 --> 00:00:36,360
Basic Network Scan is generally suitable for any host.

10
00:00:37,280 --> 00:00:43,820
Internal PCI Network Scan is designed for internal scans, and it's based on PCI DSS standards.

11
00:00:44,970 --> 00:00:52,830
PCI DSS, Payment Card Institute and data security standards, simply one of the most important information

12
00:00:52,830 --> 00:00:53,790
security standards.

13
00:00:54,000 --> 00:01:00,450
So it looks like, in the days when this video was captured, Spectre and Meltdown are the really new

14
00:01:00,450 --> 00:01:01,230
vulnerabilities.

15
00:01:01,680 --> 00:01:07,050
So here there is a scan specialized for Spectre and Meltdown vulnerabilities.

16
00:01:07,740 --> 00:01:11,310
This clearly shows how up to date Nessus is. Here,

17
00:01:11,310 --> 00:01:14,210
there's another scanner specific for web applications.

18
00:01:15,240 --> 00:01:16,920
So let's configure our own scan.

19
00:01:17,100 --> 00:01:18,540
Click Advanced Scan.

20
00:01:19,110 --> 00:01:20,550
First, give a name for your policy.

21
00:01:27,550 --> 00:01:29,650
Now go to the Discovery section.

22
00:01:30,070 --> 00:01:32,590
So we're in the Host Discovery page.

23
00:01:33,010 --> 00:01:39,220
Here we have a "Ping the remote host" option and the settings of the ping. If we're going to use the

24
00:01:39,220 --> 00:01:40,690
data we collected with Nmap,

25
00:01:41,410 --> 00:01:48,340
we can close this ping scan because we already have the lists of the hosts. Click Port Scanning to configure

26
00:01:48,340 --> 00:01:49,540
port scanning options.

27
00:01:50,750 --> 00:01:54,380
The default value of the port scan range is "default".

28
00:01:54,650 --> 00:01:59,480
That means Nessus will scan the ports which are in its nessus-services file.

29
00:02:00,050 --> 00:02:03,560
Now I go to the terminal screen to analyze the nessus-services file.

30
00:02:04,290 --> 00:02:05,960
Let's find the file first.

31
00:02:06,770 --> 00:02:08,570
Use the find command to find the file.

32
00:02:09,410 --> 00:02:13,070
Slash means that the search will begin from the root directory.

33
00:02:13,990 --> 00:02:19,480
Dash name shows the name of the searched file, and hit Enter.

34
00:02:19,990 --> 00:02:20,530
And here it is.

35
00:02:21,220 --> 00:02:23,560
You can stop the search using Control-C keys.

36
00:02:24,960 --> 00:02:27,900
I use the less command to see the content of the file.

37
00:02:29,440 --> 00:02:33,520
Here are the ports, protocols and the default services which use these ports.

38
00:02:34,180 --> 00:02:40,600
Now I want to see the number of the lines of the nessus-services file to understand how many ports are scanned

39
00:02:40,600 --> 00:02:41,320
by default.

40
00:02:42,400 --> 00:02:43,780
Command with a file name.

41
00:02:44,170 --> 00:02:47,050
Pipe, then wc to see the word count.

42
00:02:48,630 --> 00:02:53,970
The first number is the number of lines, the second one is the number of the words and the last one is

43
00:02:53,970 --> 00:02:55,110
the number of the characters.

44
00:02:56,260 --> 00:03:03,940
So we can say that 9000 ports are scanned by default, which is a total of both TCP and UDP ports.

45
00:03:04,690 --> 00:03:08,170
But what if you want to see the number of TCP ports scanned by default?

46
00:03:09,010 --> 00:03:14,040
You can use grep before wc. Type cat, file name,

47
00:03:14,080 --> 00:03:14,920
pipe, grep,

48
00:03:14,920 --> 00:03:16,810
TCP, pipe, wc.

49
00:03:17,170 --> 00:03:20,140
You will see the number of TCP ports scanned by default.

50
00:03:21,200 --> 00:03:23,810
There are about 4600 TCP ports.

51
00:03:24,410 --> 00:03:30,380
Now, if you want to scan for all ports, you should type 1 through 65535 in the port

52
00:03:30,380 --> 00:03:31,430
scan range field.

53
00:03:32,630 --> 00:03:37,010
So here are the options to use state service for local port enumerators.

54
00:03:37,730 --> 00:03:39,290
So let's have a short break here.

55
00:03:39,470 --> 00:03:45,500
If you have some credentials to scan some services in depth, you can define those credentials before

56
00:03:45,500 --> 00:03:46,220
the scan.

57
00:03:46,610 --> 00:03:53,240
So here, select the Credentials tab and you see some services. When you click the associate, for example,

58
00:03:54,340 --> 00:03:55,880
you will see the credential options.

59
00:03:56,770 --> 00:03:58,870
But let's remove this for now.

60
00:03:59,800 --> 00:04:02,620
Now turn back to Settings by clicking its tab.

61
00:04:03,280 --> 00:04:08,350
We were in the Discovery, Port Scanning page, and here are the port scanning options.

62
00:04:08,530 --> 00:04:15,670
SYN scan is selected by default. If you like, you can select TCP and/or UDP scans as well.

63
00:04:16,000 --> 00:04:18,370
Now go to the Advanced section.

64
00:04:19,240 --> 00:04:21,250
Safe checks are enabled by default.

65
00:04:23,340 --> 00:04:29,160
So we can select "Scan IP addresses in random order" to make the scan a little more stealthy.

66
00:04:29,880 --> 00:04:31,530
Let's look at the performance options.

67
00:04:31,830 --> 00:04:38,610
We can reduce the number of max simultaneous hosts per scan to avoid delays in network traffic.

68
00:04:40,290 --> 00:04:44,970
Max number of concurrent TCP sessions per host is not defined by default.

69
00:04:45,510 --> 00:04:48,630
We can define an upper bound to keep the hosts safe.

70
00:04:49,230 --> 00:04:56,220
And again, we may define a maximum number of concurrent TCP sessions per scan to keep the network traffic

71
00:04:56,220 --> 00:04:56,700
safe.

72
00:04:56,790 --> 00:05:03,630
Now, look at the tabs on the top of the new policy page and you'll see the Plugins tab, right?

73
00:05:03,630 --> 00:05:07,080
So here we have tons of plugins used in Nessus scans.

74
00:05:07,650 --> 00:05:12,000
If you click one of the plugin families, you'll see all the plugins of that family.

75
00:05:12,870 --> 00:05:15,300
You see the total number of plugins of that plugin family.

76
00:05:15,780 --> 00:05:17,250
And here are the plugins.

77
00:05:18,500 --> 00:05:22,460
You can click on Enabled next to a plugin to disable it.

78
00:05:23,560 --> 00:05:30,460
Or if you want to disable an entire plugin family entirely, for example, Denial of Service, click

79
00:05:30,460 --> 00:05:34,540
on the Enabled label next to the name of the plugin family. Click Save.

80
00:05:35,140 --> 00:05:37,180
And now we have our own scan policy.